CVE-2014-3477

Severity Score

2.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

El demonio dbus en D-Bus 1.2.x hasta 1.4.x, 1.6.x anterior a 1.6.20, y 1.8.x anterior a 1.8.4, envía un error AccessDenied al servicio en lugar de al cliente cuando el cliente tiene prohibido el acceso al servicio, lo que permite a usuarios locales causar una denegación de servicio (fallo de inicialización y salida) o posiblemente realizar un ataque de canal lateral a través de un mensaje D-Bus a un servicio inactivo.

*Credits: N/A

CVSS Scores

NISTv2 2.1

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2014-07-01 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
http://advisories.mageia.org/MGASA-2014-0266.html	X_refsource_confirm
http://secunia.com/advisories/59428	Third Party Advisory
http://secunia.com/advisories/59611	Third Party Advisory
http://secunia.com/advisories/59798	Third Party Advisory
http://www.securityfocus.com/bid/67986	Vdb Entry
https://bugs.freedesktop.org/show_bug.cgi?id=78979	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567	2023-12-27
http://seclists.org/oss-sec/2014/q2/509	2023-12-27

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html	2023-12-27
http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html	2023-12-27
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html	2023-12-27
http://www.debian.org/security/2014/dsa-2971	2023-12-27
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176	2023-12-27

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
D-bus Project Search vendor "D-bus Project"		D-bus Search vendor "D-bus Project" for product "D-bus"				1.2.4.2 Search vendor "D-bus Project" for product "D-bus" and version "1.2.4.2"		-		Affected
D-bus Project Search vendor "D-bus Project"		D-bus Search vendor "D-bus Project" for product "D-bus"				1.2.4.4 Search vendor "D-bus Project" for product "D-bus" and version "1.2.4.4"		-		Affected
D-bus Project Search vendor "D-bus Project"		D-bus Search vendor "D-bus Project" for product "D-bus"				1.2.4.6 Search vendor "D-bus Project" for product "D-bus" and version "1.2.4.6"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.1 Search vendor "Freedesktop" for product "Dbus" and version "1.2.1"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.3 Search vendor "Freedesktop" for product "Dbus" and version "1.2.3"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.4 Search vendor "Freedesktop" for product "Dbus" and version "1.2.4"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.6 Search vendor "Freedesktop" for product "Dbus" and version "1.2.6"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.8 Search vendor "Freedesktop" for product "Dbus" and version "1.2.8"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.10 Search vendor "Freedesktop" for product "Dbus" and version "1.2.10"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.12 Search vendor "Freedesktop" for product "Dbus" and version "1.2.12"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.14 Search vendor "Freedesktop" for product "Dbus" and version "1.2.14"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.16 Search vendor "Freedesktop" for product "Dbus" and version "1.2.16"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.18 Search vendor "Freedesktop" for product "Dbus" and version "1.2.18"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.20 Search vendor "Freedesktop" for product "Dbus" and version "1.2.20"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.22 Search vendor "Freedesktop" for product "Dbus" and version "1.2.22"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.24 Search vendor "Freedesktop" for product "Dbus" and version "1.2.24"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.26 Search vendor "Freedesktop" for product "Dbus" and version "1.2.26"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.28 Search vendor "Freedesktop" for product "Dbus" and version "1.2.28"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.2.30 Search vendor "Freedesktop" for product "Dbus" and version "1.2.30"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.3.0 Search vendor "Freedesktop" for product "Dbus" and version "1.3.0"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.3.1 Search vendor "Freedesktop" for product "Dbus" and version "1.3.1"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.0 Search vendor "Freedesktop" for product "Dbus" and version "1.4.0"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.1 Search vendor "Freedesktop" for product "Dbus" and version "1.4.1"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.4 Search vendor "Freedesktop" for product "Dbus" and version "1.4.4"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.6 Search vendor "Freedesktop" for product "Dbus" and version "1.4.6"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.8 Search vendor "Freedesktop" for product "Dbus" and version "1.4.8"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.10 Search vendor "Freedesktop" for product "Dbus" and version "1.4.10"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.12 Search vendor "Freedesktop" for product "Dbus" and version "1.4.12"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.14 Search vendor "Freedesktop" for product "Dbus" and version "1.4.14"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.16 Search vendor "Freedesktop" for product "Dbus" and version "1.4.16"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.18 Search vendor "Freedesktop" for product "Dbus" and version "1.4.18"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.20 Search vendor "Freedesktop" for product "Dbus" and version "1.4.20"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.22 Search vendor "Freedesktop" for product "Dbus" and version "1.4.22"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.24 Search vendor "Freedesktop" for product "Dbus" and version "1.4.24"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.4.26 Search vendor "Freedesktop" for product "Dbus" and version "1.4.26"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.0 Search vendor "Freedesktop" for product "Dbus" and version "1.6.0"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.2 Search vendor "Freedesktop" for product "Dbus" and version "1.6.2"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.4 Search vendor "Freedesktop" for product "Dbus" and version "1.6.4"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.6 Search vendor "Freedesktop" for product "Dbus" and version "1.6.6"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.8 Search vendor "Freedesktop" for product "Dbus" and version "1.6.8"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.10 Search vendor "Freedesktop" for product "Dbus" and version "1.6.10"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.12 Search vendor "Freedesktop" for product "Dbus" and version "1.6.12"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.14 Search vendor "Freedesktop" for product "Dbus" and version "1.6.14"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.16 Search vendor "Freedesktop" for product "Dbus" and version "1.6.16"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.6.18 Search vendor "Freedesktop" for product "Dbus" and version "1.6.18"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.8.0 Search vendor "Freedesktop" for product "Dbus" and version "1.8.0"		-		Affected
Freedesktop Search vendor "Freedesktop"		Dbus Search vendor "Freedesktop" for product "Dbus"				1.8.2 Search vendor "Freedesktop" for product "Dbus" and version "1.8.2"		-		Affected